قالب وردپرس درنا توس
Home / Technology / F-Secure says almost all computers are exposed to new cold start attacks

F-Secure says almost all computers are exposed to new cold start attacks



This site can earn affiliate commissions from the links on this page. Terms of Use.

Look at the laptop there, the lid closed and sleeping properly. It looks safe, right? Well, there's a good chance that it's vulnerable to a cold boot attack that can compromise your data. According to the security firm F-Secure, almost all computers are exposed to this type of attack.

The essence of this attack is the way computers control RAM through firmware. Coldstart attacks are not new – the first came together in 2008. Then security researchers realized that you could hardly restart a machine and siphon some data from RAM. This may contain sensitive information such as encryption keys and personal documents that were open before the device restarted. In recent years, computers have been hardened against this type of attack by ensuring that RAM is cleared faster. For example, restoring power to a disconnected machine will delete the contents of RAM.

The new attack can get around the protection of cold boot because it's not off – it just sleeps. F-Secures Olle Segerdahl and Pasi Saarinen found a way to rewrite the non-volatile memory chip containing the security settings, thus disabling memory overruns. Then, the attacker can boot from an external device to read the contents of the system RAM before the device fell asleep.

You can see the process in the video below. It's obviously quite involved, but an experienced attacker can get it done in minutes. F-Secret's description of the attack seems deliberately vague on how you precisely modify the firmware, but we're sure it's "easy". Perhaps the saving grace is that someone needs physical access to the computer and plenty of time to take it apart to steal data. Also, some computers are not very easy to disassemble these days.

F-Secure says there's no easy solution for PC vendors – there will always be ways to extract data from RAM with the right methods. However, final users and businesses can change their practices to limit the impact of cold start attacks. Using firmware passwords can cure computers, and just closing the lid on a laptop is risk. Instead of letting computers go to sleep, F-Secure recommends using hibernation. Hibernation deletes encryption keys from RAM, but other files may still be at risk. Turn off the computer completely, still the best defense.

Read Now: Security Holes Discovered in 2 Popular VPN Services, Intel Drops Security Patch Benchmark Prohibition After Public Outbreak and New Speculative Performance Security Error Crack Intel Software Guard Extensions [19659008] (Feature (d, s, id) {
where js, fjs = d.getElementsByTagName (s) [0];
if (d.getElementById (id)) return;
js = d.createElement (s); js.id = id;
js.src = "http://connect.facebook.net/en_US/all.js#xfbml=1";
fjs.parentNode.insertBefore (js, fjs);
} (document, & # 39; script & # 39 ;, & # 39; facebook-jssdk & # 39;));

Source link